Search Results (25419 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-5079 2 Netcreators, Typo3 2 Irfaq, Typo3 2025-04-11 N/A
Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter."
CVE-2011-5086 1 Nsoftware 1 Unitronics Uniopc 2025-04-11 N/A
https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before 2.0.0 does not properly implement an unspecified function, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site.
CVE-2011-5238 1 Google 1 Checkout-php 2025-04-11 N/A
google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2011-5239 1 Civicrm 1 Civicrm 2025-04-11 N/A
CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2011-5241 1 Services Twitter Group 1 Services Twitter 2025-04-11 N/A
Services_Twitter 0.6.3 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2011-5242 1 Themattharris 1 Tmhoauth 2025-04-11 N/A
tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2012-0584 2 Apple, Microsoft 2 Safari, Windows 2025-04-11 N/A
The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs.
CVE-2012-0799 1 Moodle 1 Moodle 2025-04-11 N/A
Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page.
CVE-2012-0647 1 Apple 1 Safari 2025-04-11 N/A
WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
CVE-2012-0651 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message.
CVE-2012-0674 1 Apple 1 Iphone Os 2025-04-11 N/A
Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site.
CVE-2012-0676 1 Apple 1 Safari 2025-04-11 N/A
WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors.
CVE-2012-0690 1 Tibco 4 Spotfire Analytics Server, Spotfire Professional, Spotfire Server and 1 more 2025-04-11 N/A
TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL.
CVE-2012-0703 1 Ibm 2 Infosphere Information Server, Infosphere Information Server Information Services Framework 2025-04-11 N/A
Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2012-0709 1 Ibm 1 Db2 2025-04-11 N/A
IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements.
CVE-2012-0710 1 Ibm 1 Db2 2025-04-11 N/A
IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request.
CVE-2012-0837 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator."
CVE-2012-0731 1 Ibm 1 Rational Appscan 2025-04-11 N/A
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2012-0735 1 Ibm 1 Rational Appscan 2025-04-11 N/A
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI.
CVE-2012-0738 1 Ibm 2 Rational Policy Tester, Security Appscan 2025-04-11 N/A
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.